Rapid7 Blog

Matt Hathaway

Rapid7 Excels at Advanced Analytics and User Monitoring in Gartner's 2017 SIEM Critical Capabilities Report

If you’re looking for a SIEM solution, chances are you’ve at least heard of the Gartner Magic Quadrant for Security Information and Event Management (SIEM). But what about its companion guide, the Critical Capabilities report? Still yes, probably. If you want to understand…

SIEM Market Evolution And The Future of SIEM Tools

There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.…

RSA Conference 2017 Exhibits - Is Your Artificial Intelligence Only 1.0?

If you walked the RSA Conference floor(s) in San Francisco this year, you probably needed to sit down a few times in passing the 680 vendors - not because of the distance or construction as much as from the sensory overload and Rubik's cube…

Incident Detection and Investigation - How Math Helps But Is Not Enough

I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest in high school. I pursued a degree in engineering, so I can now more accurately say that I love…

12 Days of HaXmas: Rudolph the Machine Learning Reindeer

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts…

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our…

Analytics By Any Other Name: New InsightIDR Detections Released

New detections have been introduced regularly since we first started developing our Incident Detection and Response (IDR) solutions four years ago. In fact, as of today, we have a collection of more than 50 of these running across customer data. But what does that mean?…

SIEM Solutions Don't Detect Attacks, Custom Code And Advanced Analysts Do

This post is the fifth in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the first four, click here, here, here, and here. While a lot of people may think it's a controversial topic, stating that a SIEM…

Real-Time Discussion On Real-Time Security

In case you haven't yet met someone from Rapid7, you should know that we care about improving security at all companies. We have no interest in selling you products that are going to sit on your shelf, so I recently wore makeup for the first…

Prepare Yourself for Ransomware - No More Snake Oil, Please

Ransomware has hurt more businesses than anyone expected only a year ago. This real threat to your organization could steal a great deal of productivity while systems are “locked” or directly cost the cryptocurrency demanded as ransom. For any organization that's ill prepared, it could…

Vulnerability Management Needs To Stop Slowing Security Improvement

Incremental improvement is great. Nothing, especially in the world of software, is perfect when first released to the market, so iterative improvement is an expectation every customer must have. But problems begin to arise for users when incremental improvement becomes the accepted norm for long…

Compromised Credentials Have a High ROI for Attackers

Given that detecting the use of compromised credentials is at the core of user behavior analytics' and InsightIDR's focus, I want to explain why compromised credentials are so valuable to attackers. To effectively understand any attacker tools and techniques, we have to put them into…

Attackers Take Advantage Of The Options You Give Them - Malware vs. Credentials

When InsightIDR was purpose-built to detect compromised credentials in the first months of 2014, we did so because we identified a significant gap in detection solutions currently available to security teams. The 2014 Verizon DBIR just happened to subsequently quantify the size of this gap…

Detecting Stolen Credentials Requires Endpoint Monitoring

If you are serious about detecting advanced attackers using compromised credentials on your network, there is one fact that you must come to terms with: you need to somehow collect data from your endpoints. There is no way around this fact. It is not only…

Attackers Prey on Incident Response Bottlenecks

Organizations are taking too long to detect attacks. The average length of time to detect an intruder ranges from 2 months to 229 days across many reports, and anecdotal evidence from publicized breaches supports these numbers. This means that attackers are taking advantage of the…